Kerberos OpenLDAP Frontend
g.w@hurderos.org
Mon Oct 8 10:01:41 EDT 2007
On Oct 5, 12:25pm, Simon Wilkinson wrote:
} Subject: Re: Kerberos OpenLDAP Frontend
Good morning to everyone, hope your week is starting out well.
> On 4 Oct 2007, at 19:02, Booker Bense wrote:
>
> >
> > The only reason to put in a LDAP back end is to simplify the
> > account management
> One thing I keep thinking about implementing is an LDAP->kadmin
> proxy. You'd still have the KDC database in the current DB format,
> but you'd be able to access it through an overlay on your OpenLDAP
> server, which would translate LDAP actions into kadmin RPCs.
It's the most reasoned and secure approach available for integrating
Kerberos and LDAP.
I've started bolting together a backend to OpenLDAP to implement this
functionality. It's currently waiting for snow to overtake the
northern plains and force me off my bicycle and into the house in the
evenings... :-)
The main issue is an LDAP scheme to implement. There are some bits
and pieces floating around but nothing I would consider definitive
beyond what Novell implemented for the back-end project. Group
consensus on a suitable schema would be an important and enabling
first step.
> S.
Best wishes for a productive week.
}-- End of excerpt from Simon Wilkinson
As always,
Greg Wettstein
------------------------------------------------------------------------------
The Hurderos Project
Open Identity, Service and Authorization Management
http://www.hurderos.org
"We know that communication is a problem, but the company is not going
to discuss it with the employees."
-- Switching supervisor
AT&T Long Lines Division